The best security practice is not to use FTP on an insecure network except for "anonymous" downloads. All FTP traffic, including userid and password transmission, is conducted in the clear. On OpenBSD, the secure replacement for FTP is sftp(1), a component of OpenSSH. This uses SSH for file transfer, and includes completely encrypted traffic and the entire suite of SSH authentication methods. On Windows, OpenSSH (including sftp) is available under Cygwin.

By default, /var/www/htdocs is owned by root:daemon and the directory is filemode 755, so only root has write access. Rather than creating a series of symbolic links, you could change htdocs ownership to oem:daemon.